[gentoo-user] google-chrome-103.0.5060 - choose password for new keyring

[the...@sys-concept.com]

After update to new chrome browser "google-chrome-103.0.5060"
A popup shows up:

"choose password for new keyring"

No explanation what is it, how to change it etc. Is it needed?

Was it discuss before?

--
Thelma

[Dale]

I don't use Chrome but google found this.

https://forums.linuxmint.com/viewtopic.php?t=312289

This may help too.

https://superuser.com/questions/890150/completely-stop-gnome-keyring-popups

Does one of those help?  They seem to address the problem in slightly
different ways. 

Dale

:-)  :-) 

[Dale]

the...@sys-concept.com wrote:

> Thanks,  there is a lot of information how to by-pass it but very
> little explanation which application request it or why is it there.
>  
>
>


One thing I read makes it sound like it is for a built in password
remembering tool. I know Firefox and Seamonkey has the same but I
disable those since I use BitWarden anyway.  One would think there would
be a setting in preferences to just disable all that.  I suspect few use
them given the popularity of LastPass, BitWarden and other tools that
are much more secure and portable.  Maybe looking for a password tool
setting would help.  I tried Chrome ages ago, didn't like it at all. 
That was several years ago so I'm clueless on it now.  Just thought
those suggestions might help. 

Dale

:-)  :-) 

[the...@sys-concept.com]

On 7/7/22 20:23, Dale wrote:

[the...@sys-concept.com]

Starting chrome with "--password-store=basic" solved the problem.

[Dale]

You found a solution that works.  That's great.  Now you can get back to
doing more important things.  ;-)

Dale

:-)  :-) 

[the...@sys-concept.com]

By upgrading one of my system, I've just noticed this behaviour is enforced (I think) by new package that was pulled by emerge:
[ebuild N ] gnome-base/gnome-keyring-42.1 USE="pam ssh-agent (-selinux) -systemd -test"
Upgrading just "chrome" did not ask me for any keyring password.

I don't use gnome, I use XFCE but I guess one of the package pull this as a dependency.

[Dale]

the...@sys-concept.com wrote:

> On 7/7/22 21:50, Dale wrote:
>>
>>
>> You found a solution that works.  That's great.  Now you can get back to
>> doing more important things.  ;-)
>>
>> Dale
>>
>> :-)  :-)
>
> By upgrading one of my system, I've just noticed this behaviour is
> enforced (I think) by new package that was pulled by emerge:
> [ebuild  N    ] gnome-base/gnome-keyring-42.1  USE="pam ssh-agent
> (-selinux) -systemd -test"
> Upgrading just "chrome" did not ask me for any keyring password.
>
> I don't use gnome, I use XFCE but I guess one of the package pull this
> as a dependency.
>  
>
>

Could disabling a USE flag remove that dependency?  It may not be
google-chrome itself but something else it depends on.  Using the --tree
option may help here.  Masking the keyring package may force emerge to
shine some light on what needs the package as well.  It should grumble
about it being masked along with what needs it. 

Sort of odd that something like this pops up all of a sudden with no
notice of the change. 

Dale

:-)  :-) 

[Dr Rainer Woitok]

Thelma,

On Thursday, 2022-07-07 23:13:47 -0600, the...@sys-concept.com wrote:

> ...

> By upgrading one of my system, I've just noticed this behaviour is enforced (I think) by new package that was pulled by emerge:
> [ebuild N ] gnome-base/gnome-keyring-42.1 USE="pam ssh-agent (-selinux) -systemd -test"
> Upgrading just "chrome" did not ask me for any keyring password.
>
> I don't use gnome, I use XFCE but I guess one of the package pull this as a dependency.

Run

$ emerge --pretend --unmerge gnome-base/gnome-keyring

to get the list of packages depending on "gnome-base/gnome-keyring".
Then check each of these packages for a set USE flag causing "gnome-
base/gnome-keyring" to be pulled in. At least in many cases such a USE
flag will be named just "gnome-keyring".

Sincerely,
Rainer

[John Covici]

Should not this instruction say emerge --pretend --depclean rather
than --unmerge ?

--
Your life is like a penny. You're going to lose it. The question is:
How do
you spend it?

John Covici wb2una
cov...@ccs.covici.com

[Matt Connell]

> > > By upgrading one of my system, I've just noticed this behaviour is enforced (I think) by new package that was pulled by emerge:
> > > [ebuild  N    ] gnome-base/gnome-keyring-42.1  USE="pam ssh-agent (-selinux) -systemd -test"

> > > I don't use gnome, I use XFCE but I guess one of the package pull this as a dependency.

Anecdote time from a fellow XFCE user. I previously fought against
having gnome-keyring and eventually gave up, since more and more things
wanted to use it. Now, I find it quite useful. Lots of GTK
applications (and XFCE is GTK based) want to use gnome-keyring, and
between evolution, dbeaver, nheko, and others, it has become a benefit
(to me) rather than an annoyance.

If you decide to give it a try, app-crypt/seahorse is a useful
companion application for managing the keyring's contents.

>
> Should not this instruction say emerge --pretend  --depclean rather
> than --unmerge ?

Since its pretended, the result is the same, ultimately.

[Arve Barsnes]

On Fri, 8 Jul 2022 at 15:34, Matt Connell <ma...@connell.tech> wrote:
> > Should not this instruction say emerge --pretend --depclean rather
> > than --unmerge ?
>
> Since its pretended, the result is the same, ultimately.
>

Actually, none of them gives you any info about why a package is
installed, and --unmerge doesn't even try to check. Without --pretend
it's perfectly happy to let you shoot yourself in the foot. What you
actually need to get portage to tell you what requires the package in
question is
# emerge --pretend --depclean --verbose gnome-keyring

Regards,
Arve

[Matt Connell]

On Fri, 2022-07-08 at 09:34 -0400, Matt Connell wrote:
> > Should not this instruction say emerge --pretend  --depclean rather
> > than --unmerge ?
>
> Since its pretended, the result is the same, ultimately.

I take this back. You're correct. depclean should show you what
packages depend on $package which is what is desired.

[the...@sys-concept.com]

Thelma

OK I think I got to the bottom of this, it is caused by package upgrade:
[ebuild U ] app-crypt/gcr-3.41.0 [3.40.0] USE="gtk introspection vala -gtk-doc -systemd% -test"

All other packages are new and pull-in as a dependency:

gnome-base/gnome-keyring-42.1 pulled in by:
virtual/secret-service-0 requires gnome-base/gnome-keyring

grep secret-service upgrade_07-07-22.txt
[ebuild N ] virtual/secret-service-0

virtual/secret-service-0 pulled in by:
app-crypt/libsecret-0.20.5-r3 requires =virtual/secret-service-0, virtual/secret-service

grep app-crypt/libsecret upgrade_07-07-22.txt
[ebuild N ] app-crypt/libsecret-0.20.5-r3 USE="crypt introspection vala -gtk-doc -test -tpm" ABI_X86="(64) -32 (-x32)"

app-crypt/libsecret-0.20.5-r3 pulled in by:
app-crypt/gcr-3.41.0 requires >=app-crypt/libsecret-0.20

And "app-crypt/gcr" was an upgrade.

So maybe it is better to leave it as it is, instead of fighting the system :-)
But it would be nice if there were some notes about it during emerge.
All of a sudden when starting chrome, a message box pops up "choose password for new keyring" (without any explanation) and all screen is frozen, only option is to enter a password or "cancel it".

Thelma

[Neil Bothwick]

On Fri, 8 Jul 2022 10:20:12 -0600, the...@sys-concept.com wrote:

> gnome-base/gnome-keyring-42.1 pulled in by:
> virtual/secret-service-0 requires gnome-base/gnome-keyring
>
> grep secret-service upgrade_07-07-22.txt
> [ebuild N ] virtual/secret-service-0
>
> virtual/secret-service-0 pulled in by:
> app-crypt/libsecret-0.20.5-r3 requires =virtual/secret-service-0,
> virtual/secret-service

The secret-service ebuild contains

RDEPEND="|| (
gnome-base/gnome-keyring
app-admin/keepassxc
)"

so emerge -1 keepassxc will keep gnome-keyring out, but you need one of
these password managers.


--
Neil Bothwick

Voting Democrat or Republican is like choosing a cabin in the Titanic.

[the...@sys-concept.com]

On 7/8/22 11:12, Neil Bothwick wrote:
> On Fri, 8 Jul 2022 10:20:12 -0600, the...@sys-concept.com wrote:
>
>> gnome-base/gnome-keyring-42.1 pulled in by:
>> virtual/secret-service-0 requires gnome-base/gnome-keyring
>>
>> grep secret-service upgrade_07-07-22.txt
>> [ebuild N ] virtual/secret-service-0
>>
>> virtual/secret-service-0 pulled in by:
>> app-crypt/libsecret-0.20.5-r3 requires =virtual/secret-service-0,
>> virtual/secret-service
>
> The secret-service ebuild contains
>
> RDEPEND="|| (
> gnome-base/gnome-keyring
> app-admin/keepassxc
> )"
>
> so emerge -1 keepassxc will keep gnome-keyring out, but you need one of
> these password managers.

I intent to keep it as it is. My question are:

- if I enter password for the keyring, how to change it in the future.
- do I need to keep that password, will I be ask to use the password
- which application application are using this keyring?

[Matt Connell]

On Fri, 2022-07-08 at 11:26 -0600, the...@sys-concept.com wrote:
> - if I enter password for the keyring, how to change it in the future.

The aforementioned seahorse will allow you to manage this. I'm certain
there's a CLI way to access it.

> - do I need to keep that password, will I be ask to use the password

You'll be asked for this password whenever some application tries to
read protected secrets from the keyring, eg. Chrome, in this case.

I believe pam can be configured to allow gnome-keyring to authenticate
against your X(FCE) session login, but I've never bothered to set this
up.

> - which application application are using this keyring?

Lots of things can hook into the keyring optionally. I mentioned a
few. Chrome, Chromium, Brave, dBeaver, nheko, Evolution.

[Dr Rainer Woitok]

Thelma,

On Friday, 2022-07-08 10:20:12 -0600, you wrote:

> ...

> app-crypt/libsecret-0.20.5-r3 pulled in by:
> app-crypt/gcr-3.41.0 requires >=app-crypt/libsecret-0.20
>
> And "app-crypt/gcr" was an upgrade.

This does not happen with the stable version 3.40.0 of "app-crypt/gcr",
only with the non-stable version 3.41.0 which has this additional dep-
endency. But then, as soon as 3.41.0 will become stable you'd have the
same problem.

Sincerely,
Rainer

[Wols Lists]

So why am I glad my USE= includes "-gnome" :-)

Although I don't use Chrome, so I wouldn't notice anyways :-)

Cheers,
Wol

[Martin Vaeth]

Wols Lists <antl...@youngman.org.uk> wrote:
> So why am I glad my USE= includes "-gnome" :-)
>
> Although I don't use Chrome, so I wouldn't notice anyways :-)

You are wrong: The dependency is unconditional, so USE=-gnome won't help.

What helps is to put a version of virtual/secret-service in your local
repository which does not actually pull in anything.
That's not very elegent, though: If suddenly the dependency is real,
things will break “silently”.

[Neil Bothwick]

On Sat, 9 Jul 2022 18:12:51 +0100, Wols Lists wrote:

> > Could disabling a USE flag remove that dependency?  It may not be
> > google-chrome itself but something else it depends on.  Using the
> > --tree option may help here.  Masking the keyring package may force
> > emerge to shine some light on what needs the package as well.  It
> > should grumble about it being masked along with what needs it.
> >
> > Sort of odd that something like this pops up all of a sudden with no
> > notice of the change.
> >
> So why am I glad my USE= includes "-gnome" :-)
>
> Although I don't use Chrome, so I wouldn't notice anyways :-)

google-chrome is a binary package, so USE flags won't make any difference
to its dependencies.


--
Neil Bothwick

We are from the planet Taglinis. Take us to your reader!